2008 matches found
DEBIAN-CVE-2026-13082
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets. The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a by default six-character string. The built-in rand function is...
MINI-7F5J-FR8X-9MG2
Bulletin has no description...
DEBIAN-CVE-2026-48863
A flaw was found in libsolv. A stack-based buffer overflow vulnerability exists in the PGP verification component due to incorrect length handling when copying EdDSA 's' MPI into a stack buffer. A remote attacker could craft a malicious Ed25519 PGP signature with mismatched MPI lengths. Processin...
UBUNTU-CVE-2026-61872
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in th...
DEBIAN-CVE-2026-56135
Bulletin has no description...
DEBIAN-CVE-2026-42617
Bulletin has no description...
DEBIAN-CVE-2026-56136
Bulletin has no description...
DEBIAN-CVE-2026-61872
ImageMagick before 7.1.2-26 and 6.9.13-51 contains a memory leak in the TIFF encoder when an invalid tiff:tile-geometry is specified. Supplying malformed tile geometry parameters causes allocated memory not to be released, which can lead to increased memory consumption...
DEBIAN-CVE-2026-48806
Twig is a template language for PHP. Prior to 3.27.0, ArrayExpression does not guard dynamic mapping keys that are coerced to strings, allowing PHP to invoke toString on a Stringable object used as a mapping key without calling SandboxExtension::ensureToStringAllowed. This issue is fixed in versi...
DEBIAN-CVE-2026-46629
Twig is a template language for PHP. Prior to 3.26.0, twig/intl-extra memoises IntlDateFormatter and NumberFormatter instances in arrays keyed by template-controlled filter arguments such as locale, pattern, and attrs, allowing a template to allocate many ICU formatter objects that remain pinned...
CGA-M6H5-2463-WGQX
Bulletin has no description...
DEBIAN-CVE-2026-45755
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...
DEBIAN-CVE-2026-45070
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Mime\Header\ParameterizedHeader validates and encodes parameter values but emits parameter names verbatim, allowing a caller that derive...
DEBIAN-CVE-2026-45069
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 6.4.40, 7.4.12, and 8.0.12, OidcTokenHandler::verifyClaims registered audience aud, issuer iss, and expiry exp checkers but did not pass the mandatory claims list to...
DEBIAN-CVE-2026-45074
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 7.1.0 until 7.4.12 and 8.0.12, Cas2Handler builds the CAS service parameter from Request::getSchemeAndHttpHost, which reflects an attacker-controlled Host header when framework.trustedhosts is n...
MINI-65V7-HWPP-FW54
Bulletin has no description...
MINI-F96P-F6HR-4RFV
Bulletin has no description...
MINI-37CF-HXPW-44G9
Bulletin has no description...
MINI-F8PV-GM4X-9W59
Bulletin has no description...
MINI-Q7MM-GWCH-GF95
Bulletin has no description...